codefresh changes

Author: ATGardner

.dockerignore

@@ -17,6 +17,8 @@ manifests/
 hack/
 docs/
 examples/
+.dockerignore
+.git/
 .github/
 !test/container
 !test/e2e/testdata

.github/ISSUE_TEMPLATE/config.yml

@@ -5,7 +5,7 @@ contact_links:
     url: https://argo-cd.readthedocs.io/
     about: Much help can be found in the docs
   - name: Ask a question
-    url: https://github.com/argoproj/argo-cd/discussions/new
+    url: https://github.com/codefresh-io/argo-cd/discussions/new
     about: Ask a question or start a discussion about Argo CD
   - name: Chat on Slack
     url: https://argoproj.github.io/community/join-slack

.github/workflows/cf-release.yaml

@@ -0,0 +1,40 @@
+name: Init CF ArgoCD Release
+on:
+  workflow_dispatch:
+        
+permissions:
+  contents: write
+  actions: write
+
+jobs:
+  prepare-release:
+    permissions:
+      contents: write
+      actions: write  # for peter-evans/create-pull-request to create branch
+    name: Automatically generate version and manifests on ${{ inputs.TARGET_BRANCH }}
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694  # v4.0.0
+        with:
+          fetch-depth: 0
+          # use personal token due to https://stackoverflow.com/questions/72110432/github-workflow-is-not-triggered-after-pushing-tags
+          token: ${{ secrets.RELEASE_GITHUB_TOKEN }}
+          ref: ${{ inputs.TARGET_BRANCH }}
+
+      - name: Check if TARGET_VERSION is well formed.
+        run: |
+          set -xue
+          # Target version must not contain 'v' prefix
+          if echo "${{ inputs.TARGET_VERSION }}" | grep -e '^v'; then
+            echo "::error::Target version '${{ inputs.TARGET_VERSION }}' should not begin with a 'v' prefix, refusing to continue." >&2
+            exit 1
+          fi
+
+      - name: Create release
+        run: |
+          git config --global user.name "CI-Codefresh"
+          git config --global user.email "integration@codefresh.io"
+          make cf-release
+
+

.github/workflows/ci-build.yaml

@@ -2,14 +2,14 @@ name: Integration tests
 on:
   push:
     branches:
-      - 'master'
+#      - 'master'
       - 'release-*'
       - '!release-1.4'
       - '!release-1.5'
   pull_request:
     branches:
-      - 'master'
-      - 'release-*'
+#      - 'master'
+      - 'release-*' # Codefresh change instead of `master`
 
 env:
   # Golang version to use across CI steps

.github/workflows/default-branch-check.yaml

@@ -0,0 +1,18 @@
+name: PR check
+
+on:
+  pull_request:
+    branches:
+      - "release-*"
+
+jobs:
+  test-default-branch:
+    name: base branch is a default branch
+    runs-on: ubuntu-latest
+    steps:
+    - name: fail if base branch is not default branch
+      if: ${{ github.event.pull_request.base.ref != github.event.repository.default_branch }}
+      uses: actions/github-script@ffc2c79a5b2490bd33e0a41c1de74b877714d736 # v3.2.0
+      with:
+        script: |
+            core.setFailed("Base branch of the PR - ${{ github.event.pull_request.base.ref }} is not a default branch. Please reopen your PR to ${{ github.event.repository.default_branch }}")

.github/workflows/image.yaml

@@ -3,11 +3,12 @@ name: Image
 on:
   push:
     branches:
-      - master
-  pull_request:
-    branches:
-      - master
-    types: [ labeled, unlabeled, opened, synchronize, reopened ]
+      # - master
+      - "release-*" # Codefresh change instead of `master`
+  # pull_request:
+  #   branches:
+  #     - master
+  #   types: [ labeled, unlabeled, opened, synchronize, reopened ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -19,7 +20,7 @@ jobs:
   set-vars:
     permissions:
       contents: read
-    if: github.repository == 'argoproj/argo-cd'
+    if: github.repository == 'codefresh-io/argo-cd'
     runs-on: ubuntu-22.04
     outputs:
       image-tag: ${{ steps.image.outputs.tag}}
@@ -116,4 +117,3 @@ jobs:
           git config --global user.name 'CI'
           git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ needs.set-vars.outputs.image-tag }}' && git push)
         working-directory: argoproj-deployments/argocd
-

.github/workflows/release.yaml

@@ -1,13 +1,15 @@
-name: Publish ArgoCD Release
+name: Create ArgoCD release
 on:
   push:
     tags:
-      - 'v*'
-      - '!v2.4*'
-      - '!v2.5*'
-      - '!v2.6*'
-
-permissions: {}
+      - "release-v**"
+      - "!release-v1.5*"
+      - "!release-v1.4*"
+      - "!release-v1.3*"
+      - "!release-v1.2*"
+      - "!release-v1.1*"
+      - "!release-v1.0*"
+      - "!release-v0*"
 
 env:
   # renovate: datasource=golang-version packageName=golang
@@ -40,7 +42,7 @@ jobs:
         packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues)
       # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
       if: github.repository == 'argoproj/argo-cd'
-      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0
+      uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.9.0
       with:
         image: quay.io/argoproj/argocd
         digest: ${{ needs.argocd-image.outputs.image-digest }}
@@ -56,8 +58,14 @@ jobs:
       contents: write # used for uploading assets
     if: github.repository == 'argoproj/argo-cd'
     runs-on: ubuntu-22.04
+    env:
+      ARTIFACT_NAME: release-notes
     outputs:
-      hashes: ${{ steps.hash.outputs.hashes }}
+      TARGET_VERSION: ${{ steps.setup-vars.outputs.TARGET_VERSION }}
+      TARGET_BRANCH: ${{ steps.setup-vars.outputs.TARGET_BRANCH }}
+      PRE_RELEASE: ${{ steps.setup-vars.outputs.PRE_RELEASE }}
+      RELEASE_TAG: ${{ steps.setup-vars.outputs.RELEASE_TAG }}
+      RELEASE_NOTES: ${{ steps.release-notes.outputs.RELEASE_NOTES }}
 
     steps:
       - name: Checkout code
@@ -85,14 +93,6 @@ jobs:
           echo "KUBECTL_VERSION=$(go list -m k8s.io/client-go | head -n 1 | rev | cut -d' ' -f1 | rev)" >> $GITHUB_ENV
           echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV
 
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
-        with:
-          large-packages: false
-          docker-images: false
-          swap-storage: false
-          tool-cache: false
-
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf # v6.1.0
         id: run-goreleaser
@@ -126,7 +126,7 @@ jobs:
       contents: write #  Needed for release uploads
     if: github.repository == 'argoproj/argo-cd'
     # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
       provenance-name: "argocd-cli.intoto.jsonl"
@@ -135,21 +135,43 @@ jobs:
   generate-sbom:
     name: Create SBOM and generate hash
     needs:
-      - argocd-image
-      - goreleaser
-    permissions:
-      contents: write # Needed for release uploads
-    outputs:
-      hashes: ${{ steps.sbom-hash.outputs.hashes}}
-    if: github.repository == 'argoproj/argo-cd'
-    runs-on: ubuntu-22.04
+      - prepare-release
+      - binaries
+      - container-image
     steps:
       - name: Checkout code
         uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
         with:
           fetch-depth: 0
           token: ${{ secrets.GITHUB_TOKEN }}
 
+      - name: Setup Git author information
+        run: |
+          set -ue
+          git config --global user.email "${GIT_EMAIL}"
+          git config --global user.name "${GIT_USERNAME}"
+      - name: Checkout corresponding release branch
+        run: |
+          set -ue
+          echo "Switching to release branch '${TARGET_BRANCH}'"
+          if ! git checkout ${TARGET_BRANCH}; then
+            echo "::error::Checking out release branch '${TARGET_BRANCH}' for target version '${TARGET_VERSION}' (tagged '${RELEASE_TAG}') failed. Does it exist in repo?"
+            exit 1
+          fi
+
+      - name: Create the release tag
+        run: |
+          set -ue
+          echo "Creating release ${RELEASE_TAG}"
+          git tag ${RELEASE_TAG}
+
+      - name: Push changes to release branch
+        run: |
+          set -ue
+          # Codefresh change
+          # git push origin ${TARGET_BRANCH}
+          git push origin ${RELEASE_TAG}
+
       - name: Setup Golang
         uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
@@ -166,7 +188,7 @@ jobs:
           # managers (gomod, yarn, npm).
           PROJECT_FOLDERS: ".,./ui"
           # full qualified name of the docker image to be inspected
-          DOCKER_IMAGE: quay.io/argoproj/argocd:${{ github.ref_name }}
+          DOCKER_IMAGE: ${{env.IMAGE_NAMESPACE}}/argocd:v${{env.TARGET_VERSION}}
         run: |
           yarn install --cwd ./ui
           go install github.com/spdx/spdx-sbom-generator/cmd/generator@$SPDX_GEN_VERSION
@@ -199,7 +221,10 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          name: ${{ env.RELEASE_TAG }}
           files: |
+            argocd-*
             /tmp/sbom.tar.gz
 
   sbom-provenance:
@@ -228,12 +253,13 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout code
-        uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
-          fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{env.HOMEBREW_TOKEN}}
+          formula: argocd
+        if: ${{ env.HOMEBREW_TOKEN != '' && env.UPDATE_HOMEBREW == 'true' && env.PRE_RELEASE != 'true' }}
 
-      - name: Setup Git author information
+      - name: Delete original request tag from repository
         run: |
           set -ue
           git config --global user.email 'ci@argoproj.com'
@@ -289,7 +315,7 @@ jobs:
           # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml
           sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
           # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml
-          sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml
+          sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml
         if: ${{ env.UPDATE_VERSION == 'true' }}
 
       - name: Create PR to update VERSION on master branch

.github/workflows/update-snyk.yaml

@@ -1,6 +1,5 @@
 name: Snyk report update
 on:
-  workflow_dispatch: {}
   schedule:
     - cron: '0 0 * * 0' # midnight every Sunday
 
@@ -10,8 +9,7 @@ permissions:
 jobs:
   snyk-report:
     permissions:
-      contents: write
-      pull-requests: write
+      contents: write  # To push snyk reports
     if: github.repository == 'argoproj/argo-cd'
     name: Update Snyk report in the docs directory
     runs-on: ubuntu-22.04
@@ -22,12 +20,9 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
       - name: Build reports
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         run: |
           make snyk-report
-          pr_branch="snyk-update-$(echo $RANDOM | md5sum | head -c 20)"
-          git checkout -b "$pr_branch"
           git config --global user.email 'ci@argoproj.com'
           git config --global user.name 'CI'
           git add docs/snyk

.mockery.yaml

@@ -6,6 +6,9 @@ mockname: "{{.InterfaceName}}"
 with-expecter: false
 # individual interface config
 packages:
+  github.com/argoproj/argo-cd/v2/acr_controller/application:
+    interfaces:
+      ApplicationClient:
   github.com/argoproj/argo-cd/v2/applicationset/generators:
     interfaces:
       Generator:
@@ -36,6 +39,9 @@ packages:
   github.com/argoproj/argo-cd/v2/controller/cache:
     interfaces:
       LiveStateCache:
+  github.com/argoproj/argo-cd/v2/event_reporter/application:
+    interfaces:
+      ApplicationClient:
   github.com/argoproj/argo-cd/v2/reposerver/apiclient:
     interfaces:
       RepoServerServiceClient:

Dockerfile

@@ -135,6 +135,8 @@ COPY --from=argocd-build /go/src/github.com/argoproj/argo-cd/dist/argocd* /usr/l
 USER root
 RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/event-reporter-server && \
+    ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-change-revision-controller  && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \
     ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \